Botnet Targets Major Web sites

By ServerWatch Staff
Posted Feb 2, 2010

The actual DDoS-like traffic attacks are bogus SSL connections. According to the report on DarkReading, the infected bots initiate an SSL connection with some 'junk' traffic and then disconnect. The news report also points out that it is unclear whether this is a test-run for phony SSL connections gone amuck, or something else.

The Pushdo botnet is reported to have hammered hundreds of Web servers — including Google Chrome, Chase, and the FBI site — with a lot of phony traffic.

"Blending in has traditionally been Pushdo's trademark: Although it's one of the top five spamming botnets, it's also one of the more under-the-radar botnets around. But this latest activity has researchers wondering how this massive surge of traffic, which resembles a distributed denial-of-service (DDoS) attack, would ultimately help its traffic blend in and become less detectable.

"Shadowserver says the traffic is technically an attack, even though it doesn't appear to be trying to knock the sites offline like a DDoS does. 'We find it hard to believe this much activity would be used to make the bots blend in with normal traffic, but at the same time it doesn't quite look like a DDoS either,' Adair says."

Read the Full Story at DarkReading
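
For server operators who want to measure this kind of traffic, the following is an added example (not code from ServerWatch, DarkReading or Shadowserver) that classifies the first bytes a client sends on an SSL port and counts malformed openings per source address. It assumes that "junk" means bytes that do not form a well-formed ClientHello, which the report does not specify; the function names, threshold and sample data are constructed for illustration.

```python
import struct
from collections import Counter

HANDSHAKE = 22          # SSL/TLS record content type: handshake
CLIENT_HELLO = 1        # handshake message type: ClientHello
MAX_RECORD_LEN = 2**14  # maximum plaintext record length

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes received on an SSL/TLS port (heuristic)."""
    if len(data) < 3:
        return "junk"
    # SSLv2-compatible ClientHello: 2-byte header with high bit set, then type 1.
    if data[0] & 0x80 and data[2] == CLIENT_HELLO:
        return "sslv2_client_hello"
    if len(data) < 6:
        return "junk"  # no room for a record header plus handshake type
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype != HANDSHAKE or major != 3 or minor > 4:
        return "junk"
    if length == 0 or length > MAX_RECORD_LEN:
        return "junk"
    if data[5] != CLIENT_HELLO:
        return "junk"
    return "client_hello"

def flag_sources(events, threshold=3):
    """Return sources with at least `threshold` junk openings.

    `events` is an iterable of (source_ip, first_bytes) pairs, for example
    taken from a packet capture or a connection-logging proxy (assumption).
    """
    junk = Counter(src for src, data in events
                   if classify_first_bytes(data) == "junk")
    return sorted(src for src, count in junk.items() if count >= threshold)

# Constructed sample data using documentation address ranges.
SAMPLE = [
    ("192.0.2.10", b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b"),  # normal hello
    ("192.0.2.10", b"\x17\x03\x01\x00\x10\x00"),    # wrong content type
    ("198.51.100.7", b"\x00" * 8),                  # null bytes
    ("198.51.100.7", b"AAAAAAAA"),                  # plain ASCII
    ("198.51.100.7", b"\x16\x03\x01\xff\xff\x01"),  # oversized record length
]

if __name__ == "__main__":
    print(flag_sources(SAMPLE))
```

A client that sends a well-formed ClientHello and then garbage later in the handshake is not caught by this check, so pair it with the server's own handshake-failure counts.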
